Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
41
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
140
Getting Started in Bug Bounty
jr0ch17
0
110
Getting Blindly Lucky
jr0ch17
0
75
Qu'est-ce que le bug bounty?
jr0ch17
0
110
Finding 5 bugs in a single parameter
jr0ch17
0
80
Beyond the Borders of Scope
jr0ch17
0
66
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
Google Agentspaceを実際に導入した効果と今後の展望
mixi_engineers
PRO
2
260
モバイルゲームの開発を支える基盤の歩み ~再現性のある開発ラインを量産する秘訣~
qualiarts
0
1.1k
Gemini in Android Studio - Google I/O Bangkok '25
akexorcist
0
180
【CEDEC2025】ブランド力アップのためのコンテンツマーケティング~ゲーム会社における情報資産の活かし方~
cygames
PRO
0
230
S3 Glacier のデータを Athena からクエリしようとしたらどうなるのか/try-to-query-s3-glacier-from-athena
emiki
0
140
AI コードレビューが面倒すぎるのでテスト駆動開発で解決しようとして読んだら、根本的に俺の勘違いだった
mutsumix
0
160
AI人生苦節10年で会得したAIがやること_人間がやること.pdf
shibuiwilliam
1
270
AI時代の経営、Bet AI Vision #BetAIDay
layerx
PRO
1
1.6k
ビジネス文書に特化した基盤モデル開発 / SaaSxML_Session_2
sansan_randd
0
250
多様なニーズに応える Movable Type ラインナップ 全紹介
masakah
0
120
Power Automate のパフォーマンス改善レシピ / Power Automate Performance Improvement Recipes
karamem0
0
290
SAE J1939シミュレーション環境構築
daikiokazaki
1
220
Featured
See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
283
13k
Git: the NoSQL Database
bkeepers
PRO
431
65k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.5k
It's Worth the Effort
3n
185
28k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
[RailsConf 2023] Rails as a piece of cake
palkan
56
5.7k
Mobile First: as difficult as doing things right
swwweet
223
9.8k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.6k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
mixi_engineers
qualiarts
akexorcist
cygames
emiki
mutsumix
shibuiwilliam
layerx
sansan_randd
masakah
karamem0
daikiokazaki
stephaniewalter
bkeepers
eileencodes
3n
aarron
sonatard
palkan
swwweet
geoffreycrofte
samanthasiow
kastner
